XF.Classic — Office (OLE) malware analysis

Static analysis result for SHA-256 b75e7879899bdcd1…

MALICIOUS

Office (OLE)

Size: 51.0 KB
Created: 2002-10-09 07:43:31
Authoring application: Microsoft Excel
MD5: 755aa52ff73e3ed83168a949e970694e
SHA-1: 028af648aed81227e663f2b9373e4a80fd6de1af
SHA-256: b75e7879899bdcd16ce4f61686f814a0c7fe6ea3c3ce957167aa0da86e51067f
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The heuristic that fired, 'OLE_XLS_FORMULA_MACRO_VIRUS', explicitly identifies this as a legacy Excel formula macro virus, specifically mentioning 'XF.Classic' and 'Poppy by VicodinES'. The document body contains strings such as 'An Excel Formula Macro Virus (XF.Classic)' and 'Add New Workbook, Infect It, Save It As Book1.xls', confirming its intent to infect other Excel files and save them as 'Book1.xls' in the startup directory. This indicates a classic macro-based infection and a potential payload delivery mechanism.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.